## https://community.letsencrypt.org/t/how-to-nginx-configuration-to-enable-acme-challenge-support-on-all-http-virtual-hosts/5622
location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type "text/plain";
    root /var/www/certbot;
}

location = /.well-known/acme-challenge/ {
    return 404;
}

## for gpg
location ^~ /.well-known/openpgpkey/ {
    default_type application/octet-stream;
    add_header Access-Control-Allow-Origin * always;
    root /var/www/gpg-wkd;
}
